At a glance.
- Cybersecurity firm fraudulent advertising case dismissal reversed.
- US government sanctions Iranian cloud tech firm.
- The privacy issues of age verification.
Cybersecurity firm fraudulent advertising case dismissal reversed.
The Washington Post discusses a US court decision that could have a major impact on how cybersecurity firms conduct business. On Friday the US Court of Appeals for the 9th Circuit reversed a lower court’s dismissal of Enigma Software’s 2017 lawsuit against Malwarebytes, which alleged that Malwarebytes’ labeling of Enigma’s software as “malicious,” “threats,” and “potentially unwanted programs” amounted to false advertising. Enigma claimed that Malwarebytes added the labels only after Enigma sued website Bleeping Computer for allegedly presenting “false, misleading, and deceptive information” about Enigma products because it received sales commissions from competitor Malwarebytes. Malwarebytes sought to dismiss the case, claiming the labels in question were “just [nonactionable] subjective opinions” instead of “verifiably false.” While acknowledging that judges are not experts on cybersecurity, the appeals court disagreed with Malwarebytes, declaring that the labels were indeed intended to be statements of fact.
Judge Richard R. Clifton, who authored the majority opinion, stated, “Because whether software qualifies as malware is largely a question of objective fact, at least when that designation is given by a cybersecurity company in the business of identifying malware for its customers, Enigma plausibly alleged that Malwarebytes’s statements are factual assertions.” The dissenting judge, Judge Patrick J. Bumatay wrote, “our court sends a chilling message to cybersecurity companies — civil liability may now attach if a court later disagrees with your classification of a program as ‘malware.’ But we have neither the authority nor the competence to arrogate to ourselves regulatory oversight over cybersecurity.”
US government sanctions Iranian cloud tech firm.
On Friday the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against ArvanCloud, an Iranian cloud technology provider, for allegedly “facilitating” government internet censorship. The Record explains that all property and interests in property in the US will be blocked, and any business dealings with the company are prohibited. OFAC says ArvanCloud was “a key partner” in the Iranian regime’s establishment of the National Information Network, a government-controlled internet that gave officials the power to limit citizens’ access to online content. “Arvan Cloud has a close relationship with Iran’s intelligence services, including the Ministry of Intelligence and Security (MOIS), and Arvan Cloud executives have extensive ties to senior Iranian government officials,” OFAC stated.
Earlier this year the Iranian government cut many of its citizens off from the internet in response to nationwide protests centered around the death of Mahsa Amini while in the custody of “morality police.” OFAC’s statement notes, “The Iranian government has regularly used Internet restrictions and the throttling of Internet speeds to suppress dissent, surveil and punish Iranians for exercising their freedom of expression and assembly both online and offline, and limit the dissemination to the international community of credible information about egregious human rights violations.” The EU imposed similar sanctions on the company in November, and ArvanCloud denied the allegations, stating, “These false accusations are repeated through social media and news outlets without solid evidence in a way that have become the basis for this unjust sanction. It is disappointing how European Union has been affected by and followed these one-sided and unsubstantial allegations.”
The privacy issues of age verification.
Last week US Surgeon General Vivek Murthy issued a nineteen-page advisory on the harms that social media impose on minors and offered recommendations for how to protect the mental health of children. But in an opinion piece for Wired, Albert Fox Cahn, founder and executive director of the civil rights and privacy group Surveillance Technology Oversight Project, says Murthy’s solutions could create more problems than they solve. Cahn states, “He is pushing for a critically misguided policy that many state legislatures and regulators have already enacted, a mistake that threatens to undo what little internet privacy we have left.” Murthey recommends that websites strengthen and enforce age minimums to protect minors from inappropriate content.
However, just how this age verification would be conducted is unclear. Cahn argues that requiring users to present government issued ID in order to verify their age would violate privacy rights and allow the government to easily track users’ internet activity. A more innovative solution would incorporate the use of artificial intelligence to estimate age based on a user photo, but this untested technology would likely lead to errors. Cahn concludes, “the truth is that magic technology to confirm everyone’s age will remain a fantasy, and the price of curtailing digital anonymity is an all-too-potent threat.”